Towards Secure IoT Programming in Haskell
Paper in proceeding, 2020

IoT applications are often developed in programming languages with low-level abstractions, where a seemingly innocent mistake might lead to severe security vulnerabilities. Current IoT development tools make it hard to identify these vulnerabilities as they do not provide end-to-end guarantees about how data flows within and between appliances. In this work we present Haski, an embedded domain specific language(eDSL) in Haskell for secure programming of IoT devices. Haski enables developers to write Haskell programs that generate C code without falling into many of C’s pitfalls. Haski is designed after the synchronous programming language Lustre, and sports a backwards compatible information-flow control extension to restrict how sensitive data is propagated and modified within the application. We present a novel eDSL design which uses recursive monadic bindings and allows a natural use of functions and pattern matching to write embedded programs. To showcase Haski, we implement a simple smarthouse controller where communication is done via low-energy Bluetooth on the Zephyr IoT OS.

Haskell

Synchronous programming

Information-Flow Control

IoT

eDSL

Author

Nachiappan Valliappan

Chalmers, Computer Science and Engineering (Chalmers), Information Security

Robert Krook

Chalmers, Computer Science and Engineering (Chalmers), Functional Programming

Alejandro Russo

Chalmers, Computer Science and Engineering (Chalmers), Information Security

Koen Claessen

Chalmers, Computer Science and Engineering (Chalmers), Functional Programming

Haskell 2020 - Proceedings of the 13th ACM SIGPLAN International Symposium on Haskell, co-located with ICFP 2020

136-150
9781450380508 (ISBN)

Haskell Symposium '20
Online, ,

Octopi: Säker Programering för Sakernas Internet

Swedish Foundation for Strategic Research (SSF) (RIT17-0023), 2018-03-01 -- 2023-02-28.

Subject Categories

Embedded Systems

Computer Science

Computer Systems

DOI

10.1145/3406088.3409027

More information

Latest update

4/21/2023